NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p10 was released on 21 March 2017. It addresses 6 medium- and 5 low-severity security issues, 4 informational security topics, 15 bugfixes, and contains other improvements over 4.2.8p9.

The ident column identifies the server by IP address or pseudo IP address. The line beginning with 127.127.30.0 is such a pseudo IP address. It designates a hardware reference clock using driver thirty - the Motorola Oncore GPS driver. I have replaced actual IP addresses with server1, server2, etc. The cnt column gives the number of samples in the peerstats file for the ident. The mean column contains the arithmetic mean or average of the offsets for that server or reference clock. The rms column contains the root mean square of the offsets. This is a measure of central tendency computed as the square root of the sum of the squares of the offsets divided by the number of samples. The max column contains the offset with the greatest absolute value. The delay column has the mean round trip network delay for a network server. dist is the maximum observed synchronization distance, where synchronization distance is defined as the dispersion plus one half the round trip delay. disp is defined as the maximum error of the server or peer clock relative to the local clock over the network path between them, in seconds. For all of mean, RMS, max, delay, dist, and disp, values closer to 0 (zero) are better.
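
The column definitions above, worked through as an added example (not part of the original page or of the NTP distribution's own summary scripts). It assumes the peerstats record layout documented for ntpd (MJD, seconds past midnight, ident, status, offset, delay, dispersion, jitter), uses constructed sample lines, and treats the reported disp as the largest dispersion seen per ident.

```python
import math
from collections import defaultdict

# Constructed sample in ntpd's peerstats layout (assumed field order):
# MJD  seconds  ident  status  offset  delay  dispersion  jitter  (values in seconds)
SAMPLE = """\
57833 100.0 127.127.30.0 9614 0.000002 0.000000 0.000010 0.000001
57833 116.0 127.127.30.0 9614 -0.000004 0.000000 0.000012 0.000002
57833 120.0 server1 9414 0.003000 0.040000 0.002000 0.000500
57833 184.0 server1 9414 -0.005000 0.060000 0.004000 0.000700
57833 248.0 server1 9414 0.004000 0.050000 0.003000 0.000600
this line is truncated
"""

def summarize(text):
    """Return {ident: stats} using the column definitions from the text above."""
    samples = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # skip blank or truncated records
        try:
            offset, delay, disp = (float(x) for x in f[4:7])
        except ValueError:
            continue  # skip records with non-numeric fields
        samples[f[2]].append((offset, delay, disp))
    out = {}
    for ident, rows in samples.items():
        n = len(rows)
        offsets = [r[0] for r in rows]
        out[ident] = {
            "cnt": n,
            "mean": sum(offsets) / n,
            "rms": math.sqrt(sum(o * o for o in offsets) / n),
            "max": max(offsets, key=abs),  # signed offset with the greatest |value|
            "delay": sum(r[1] for r in rows) / n,
            "dist": max(r[2] + r[1] / 2 for r in rows),  # dispersion + delay/2
            "disp": max(r[2] for r in rows),  # assumption: largest dispersion seen
        }
    return out

if __name__ == "__main__":
    print(f"{'ident':<14}{'cnt':>4}{'mean':>11}{'rms':>11}{'max':>11}"
          f"{'delay':>10}{'dist':>10}{'disp':>10}")
    for ident, s in sorted(summarize(SAMPLE).items()):
        print(f"{ident:<14}{s['cnt']:>4}{s['mean']:>11.6f}{s['rms']:>11.6f}"
              f"{s['max']:>11.6f}{s['delay']:>10.6f}{s['dist']:>10.6f}{s['disp']:>10.6f}")
```

A server whose mean stays small while its max or dist grows is worth a closer look, since a single large excursion is hidden by the average.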

RRDTOOL notes

RRDTOOL defaults to storing non-negative numbers.

NTP offsets will sometimes go negative. To allow negative numbers to be stored you need to tune your RRD databases:

Who is using my NTP server?

You can check which hosts are talking to your time server by using the mru command of ntpq (or in older versions of NTP, the monlist command of ntpdc), e.g.

ntpq -c mru

Please note that a maximum of 600 entries is supported with current versions of ntpq and ntpdc. The protocol (or better: the contents of the return packets) used by ntpq or ntpdc is not standardized; it is therefore recommended to use ntpq or ntpdc only with a matching ntpd, i.e. both should have the same version number.

To get around this 600-entry limitation, many server operators run client statistics scripts, such as Wayne Schlitt's ntp_clients and ntp_clients_stats scripts, which can be found at http://www.schlitt.net/scripts/ntp/index.html . They work very well, but can use quite a bit of system resources if your client counts are in the high thousands. Examples of these scripts in action can be found at: